Boonana Trojan Spreads Through Social Media, Targets Mac OS X; Initially Runs as a Java Applet

Written By Sam on 31 October 2010

Heard of the malicious Boonana Trojan? It’s got Mac users who are active on social networking sites scratching their heads for a solution. The new trojan horse, Trojan.osx.boonana.a, which SecureMac recently discovered, affects Mac OS X, including Snow Leopard (OS X 10.6), the latest version of OS X. It is spreading through social networking sites, including Facebook, disguised as a video. The Trojan currently appears as a link in messages on social networking sites with the subject “Is this you in this video?”

When a user clicks the infected link, the Boonana Trojan initially runs as a Java applet, which downloads other files to the computer, including an installer. The installer launches automatically and goes on to modify system files to bypass the need for passwords, allowing external access to all files on the system. The trojan runs invisibly in the background at startup, often going undetected until the damage has been done. It even hijacks user accounts to spread itself further via spam messages. There have also been reports of the trojan spreading through e-mail messages, besides social media sites. So beware!

It’s not just Mac users who need to be careful about the links they open on their computers. We have heard that the Java component of the trojan is cross-platform and is capable of affecting Microsoft Windows as well. In fact, SecureMac even mentioned reports of similar behavior in recent trojan horses targeting Windows. However, it is not exactly clear how the trojan affects Windows.

Remember: The trojan attempts to hide its internet communications and actions through obfuscated code spread across multiple files, and will attempt to contact additional command servers if the primary servers are unavailable. So, be cautious about clicking on links.

Solution: SecureMac has released a removal tool for this threat, which you can download for free.

Prevention: Users can protect themselves from infection by turning off Java in their web browser. This can be accomplished in Safari by clicking the Security tab under Safari Preferences, and making sure the ‘Enable Java’ checkbox is unchecked.
